Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Compliance rating (BSI TR-03183) using CycloneDX 1.6 #55

Open
LungTim opened this issue Sep 20, 2024 · 2 comments
Open

Compliance rating (BSI TR-03183) using CycloneDX 1.6 #55

LungTim opened this issue Sep 20, 2024 · 2 comments

Comments

@LungTim
Copy link

LungTim commented Sep 20, 2024

I noticed three things:

  1. The required "Source Hash" is "undefined" for CycloneDX SBOMs. I'd suggest that adding "hashes" to a detected "externalReferences" such as:
    "externalReferences": [ { "type": "vcs", "url": "https://URL/artifact", "hashes": [ { "alg": "SHA-256", "content": "123aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaddd" } ] }
  2. The usage of "compositions" (see https://cyclonedx.org/guides/OWASP_CycloneDX-Authoritative-Guide-to-SBOM-en.pdf page 60) causes an exception as soon as "assemblies" are used, e.g.:
    "compositions": [ { "aggregate": "complete", "assemblies": [ "com:product:system:subsystem:component:componentname" ] } ]
  3. The BSI document states in 6.1.5 that the dependencies must cover all components. As every component must again trace all dependencies, the final component(s) would require an empty "dependsOn" and this should be valid. But even if this chain of dependencies is included, the compliance reporter returns "5.0 unattested-has-relationships" overall and a "0.0 no-relationships" for each empty "dependsOn". How could this be resolved as full compliance if there cannot be any more dependencies?
@riteshnoronha
Copy link
Contributor

@LungTim thanks for your suggestion are you talking about sbomqs or sbomasm ??

@viveksahu26
Copy link
Contributor

viveksahu26 commented Sep 21, 2024
edited
Loading

Hey @LungTim , a good catch as you mentioned on point 3. I have fixed this one in this PR. And the components only includes dependencies of type "depends on". Here is how it looks like:
Apart from that it would be great if you could provide your manifest for testing to make sure it works correctly.

BSI TR-03183-2 v1.1 Compliance Report 
Compliance score by Interlynk Score:4.8 RequiredScore:5.4 OptionalScore:4.2 for /home/linuzz/sbom/sbomqs-cyclonedx-gomod.json
* indicates optional fields
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                ELEMENTID                 | SECTION |           DATAFIELD            |                                                      ELEMENT RESULT                                                      | SCORE |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/anchore/go-struct-converter   | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/anchore/go-struct-converter                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v0.0.0-20230627203149-c72ef8859ca9                                                                                       |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | no-relationships                                                                                                         |   0.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | e823a95d6a476e158cd7081c40df794ddb26acb4db6bc2907cf8089815f39230                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/anchore/go-struct-converter                                                                           |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/anchore/go-struct-converter@v0.0.0-20230627203149-c72ef8859ca9?type=module&goos=linux&goarch=amd64 |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| golang.org/x/sync                        | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | golang.org/x/sync                                                                                                        |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v0.7.0                                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | no-relationships                                                                                                         |   0.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 62c2267d20683fd40f60bd31c8a24fab481c689746deb227a2ac5359b7d0bbd3                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/golang.org/x/sync@v0.7.0?type=module&goos=linux&goarch=amd64                                                  |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/common-nighthawk/go-figure    | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/common-nighthawk/go-figure                                                                                    |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v0.0.0-20210622060536-734e95fb86be                                                                                       |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | no-relationships                                                                                                         |   0.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 27904bda4b2402557d724804b0d417b1c8c868b88e62267be5de1ef7813a75c4                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/common-nighthawk/go-figure                                                                            |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/common-nighthawk/go-figure@v0.0.0-20210622060536-734e95fb86be?type=module&goos=linux&goarch=amd64  |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| sigs.k8s.io/yaml                         | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | sigs.k8s.io/yaml                                                                                                         |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v1.4.0                                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | no-relationships                                                                                                         |   0.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 324d7009cda0cbf1744c71f44c0a75418c89373466d8a08bcb7a390125d52391                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/sigs.k8s.io/yaml@v1.4.0?type=module&goos=linux&goarch=amd64                                                   |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/spdx/tools-golang             | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/spdx/tools-golang                                                                                             |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v0.5.5                                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | github.com/anchore/go-struct-converter,                                                                                  |   5.0 |
|                                          |         | components                     | github.com/spdx/gordf, sigs.k8s.io/yaml                                                                                  |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | eb573428b7c070da808e583a50d31d930a4c7ab9e1c37cd54700d9db1f573a69                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/spdx/tools-golang                                                                                     |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/spdx/tools-golang@v0.5.5?type=module&goos=linux&goarch=amd64                                       |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| golang.org/x/tools                       | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | golang.org/x/tools                                                                                                       |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v0.22.0                                                                                                                  |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | golang.org/x/mod,                                                                                                        |   5.0 |
|                                          |         | components                     | golang.org/x/sync,                                                                                                       |       |
|                                          |         |                                | golang.org/x/sys                                                                                                         |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 82a4862d9aaff8023d9484339e22749d90d11b91813ec4a2f8344d1d6373eb20                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/golang.org/x/tools@v0.22.0?type=module&goos=linux&goarch=amd64                                                |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/google/uuid                   | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/google/uuid                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v1.6.0                                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | no-relationships                                                                                                         |   0.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 348bda24330eb231c0f27d630212d2833ac0cf2d4782bfa136b6f9edefbde05d                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/google/uuid                                                                                           |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/google/uuid@v1.6.0?type=module&goos=linux&goarch=amd64                                             |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/mattn/go-runewidth            | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/mattn/go-runewidth                                                                                            |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v0.0.15                                                                                                                  |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | github.com/rivo/uniseg                                                                                                   |   5.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 50d023c1b53d979e130372b3bea2c6c705a31e63200545610624e37a56608375                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/mattn/go-runewidth                                                                                    |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/mattn/go-runewidth@v0.0.15?type=module&goos=linux&goarch=amd64                                     |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/spf13/pflag                   | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/spf13/pflag                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v1.0.5                                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | no-relationships                                                                                                         |   0.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 8b2f951543823f56bef3216da3f76b836089e6ed3246807b7d9c370cabff2570                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/spf13/pflag                                                                                           |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/spf13/pflag@v1.0.5?type=module&goos=linux&goarch=amd64                                             |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| sbom                                     |       4 | specification                  | cyclonedx                                                                                                                |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          |       4 | specification version          |                                                                                                                      1.5 |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          |     5.1 | build process                  |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          |     5.1 | depth                          | doc has 15 dependencies                                                                                                  |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.1   | creator of sbom                |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.1   | timestamp                      | 2024-09-01T11:12:11+05:30                                                                                                |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.1*  | SBOM-URI                       | urn:uuid:36744bcf-0c34-40dc-b0d6-438952e8b643/1                                                                          |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | components                     | present                                                                                                                  |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/package-url/packageurl-go     | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/package-url/packageurl-go                                                                                     |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v0.1.3                                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | no-relationships                                                                                                         |   0.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | e23b8c103de11e2cf4b1eb7756adca790ef9283d5abed8685cbb661372343cbb                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/package-url/packageurl-go                                                                             |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/package-url/packageurl-go@v0.1.3?type=module&goos=linux&goarch=amd64                               |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/inconshreveable/mousetrap     | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/inconshreveable/mousetrap                                                                                     |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v1.1.0                                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | no-relationships                                                                                                         |   0.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | c0dfb1e0d546a4cb0eec4ad49ff994237bc4a04e89b75dd7dacd1bab0a7db5cf                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/inconshreveable/mousetrap                                                                             |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/inconshreveable/mousetrap@v1.1.0?type=module&goos=linux&goarch=amd64                               |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/Masterminds/semver/v3         | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/Masterminds/semver/v3                                                                                         |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v3.2.1                                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | no-relationships                                                                                                         |   0.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 44df70ebeed0a0c789546c9f99b720b36f01afc72f9a7b9c1179d8d2b6175a0d                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/Masterminds/semver                                                                                    |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/Masterminds/semver/v3@v3.2.1?type=module&goos=linux&goarch=amd64                                   |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/rivo/uniseg                   | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/rivo/uniseg                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v0.4.7                                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | no-relationships                                                                                                         |   0.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 59476f916f2e121ad87cb0b8673769236cedc4fd48e7cdbee3d39ce4cabae154                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/rivo/uniseg                                                                                           |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/rivo/uniseg@v0.4.7?type=module&goos=linux&goarch=amd64                                             |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/cloudflare/circl              | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/cloudflare/circl                                                                                              |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v1.3.9                                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | golang.org/x/crypto,                                                                                                     |   5.0 |
|                                          |         | components                     | golang.org/x/sys                                                                                                         |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 405ae580561fd90a62f1b4a954f2b51c1bd6a71d7abffd53662bf2a3ba46b811                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/cloudflare/circl                                                                                      |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/cloudflare/circl@v1.3.9?type=module&goos=linux&goarch=amd64                                        |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| sigs.k8s.io/release-utils                | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | sigs.k8s.io/release-utils                                                                                                |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v0.8.3                                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | github.com/Masterminds/semver/v3,                                                                                        |   5.0 |
|                                          |         | components                     | github.com/common-nighthawk/go-figure,                                                                                   |       |
|                                          |         |                                | github.com/inconshreveable/mousetrap,                                                                                    |       |
|                                          |         |                                | github.com/maxbrunsfeld/counterfeiter/v6,                                                                                |       |
|                                          |         |                                | github.com/spf13/cobra,                                                                                                  |       |
|                                          |         |                                | github.com/spf13/pflag, golang.org/x/mod,                                                                                |       |
|                                          |         |                                | golang.org/x/sync, golang.org/x/sys,                                                                                     |       |
|                                          |         |                                | golang.org/x/text, golang.org/x/tools                                                                                    |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 2ad3ad038a839b3272790db3903b05548db9f8d562c26b3fa3978bd8d7ed15d0                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/sigs.k8s.io/release-utils@v0.8.3?type=module&goos=linux&goarch=amd64                                          |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| golang.org/x/oauth2                      | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | golang.org/x/oauth2                                                                                                      |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v0.21.0                                                                                                                  |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | no-relationships                                                                                                         |   0.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | b6c8a633be70d6d17fbb0b39adb787cc85b112a12531e86773e896efddf3b19b                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/golang.org/x/oauth2@v0.21.0?type=module&goos=linux&goarch=amd64                                               |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/google/go-querystring         | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/google/go-querystring                                                                                         |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v1.1.0                                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | no-relationships                                                                                                         |   0.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 0270aba21ddfbf864181521fd48c2da2f8236b0fc688a268f0cf320ff7e1c89f                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/google/go-querystring                                                                                 |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/google/go-querystring@v1.1.0?type=module&goos=linux&goarch=amd64                                   |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/spdx/gordf                    | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/spdx/gordf                                                                                                    |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v0.0.0-20221230105357-b735bd5aac89                                                                                       |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | no-relationships                                                                                                         |   0.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 740ae433067b31fd89894f0e7dd9aa22ff106874f8a3289f2c87b5521b05d526                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/spdx/gordf                                                                                            |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/spdx/gordf@v0.0.0-20221230105357-b735bd5aac89?type=module&goos=linux&goarch=amd64                  |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| gopkg.in/yaml.v2                         | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | gopkg.in/yaml.v2                                                                                                         |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v2.4.0                                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | no-relationships                                                                                                         |   0.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 0fcc60c04098ec262fc7e6369f8b01cfddc99fd251bf1762cb2a3c0937ee29a6                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/go-yaml/yaml                                                                                          |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/gopkg.in/yaml.v2@v2.4.0?type=module&goos=linux&goarch=amd64                                                   |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/CycloneDX/cyclonedx-go        | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/CycloneDX/cyclonedx-go                                                                                        |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v0.9.0                                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | no-relationships                                                                                                         |   0.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 8a76a27fba83f1b8afcb1a7b5cb831518b4e5d6b437b3efe8fbdaa2933104dbf                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/CycloneDX/cyclonedx-go                                                                                |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/CycloneDX/cyclonedx-go@v0.9.0?type=module&goos=linux&goarch=amd64                                  |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| go.uber.org/multierr                     | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | go.uber.org/multierr                                                                                                     |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v1.11.0                                                                                                                  |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | no-relationships                                                                                                         |   0.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 6e55d72644b14927c1541942efaa71a9e3be2cddda0df2d0a3edf4f7126cb4ed                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/go.uber.org/multierr@v1.11.0?type=module&goos=linux&goarch=amd64                                              |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/maxbrunsfeld/counterfeiter/v6 | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/maxbrunsfeld/counterfeiter/v6                                                                                 |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v6.8.1                                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | golang.org/x/mod,                                                                                                        |   5.0 |
|                                          |         | components                     | golang.org/x/text,                                                                                                       |       |
|                                          |         |                                | golang.org/x/tools                                                                                                       |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 362726aeec647aa1e30efd3749f4b1aa668bba2b1d76e75f3f7879c1d5c56e13                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/maxbrunsfeld/counterfeiter                                                                            |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/maxbrunsfeld/counterfeiter/v6@v6.8.1?type=module&goos=linux&goarch=amd64                           |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| golang.org/x/crypto                      | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | golang.org/x/crypto                                                                                                      |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v0.24.0                                                                                                                  |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | golang.org/x/sys,                                                                                                        |   5.0 |
|                                          |         | components                     | golang.org/x/text                                                                                                        |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 9a797c0ccd28e75dd7f1f748926c8513fe614d8c5bc183a30d2ffeacaeaaa512                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/golang.org/x/crypto@v0.24.0?type=module&goos=linux&goarch=amd64                                               |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/interlynk-io/sbomqs           | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/interlynk-io/sbomqs                                                                                           |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v1.0.1-0.20240806165718-6099e923b043                                                                                     |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | github.com/CycloneDX/cyclonedx-go,                                                                                       |   5.0 |
|                                          |         | components                     | github.com/DependencyTrack/client-go,                                                                                    |       |
|                                          |         |                                | github.com/Masterminds/semver/v3,                                                                                        |       |
|                                          |         |                                | github.com/github/go-spdx/v2,                                                                                            |       |
|                                          |         |                                | github.com/google/go-github/v52,                                                                                         |       |
|                                          |         |                                | github.com/google/uuid,                                                                                                  |       |
|                                          |         |                                | github.com/maxbrunsfeld/counterfeiter/v6,                                                                                |       |
|                                          |         |                                | github.com/olekukonko/tablewriter,                                                                                       |       |
|                                          |         |                                | github.com/package-url/packageurl-go,                                                                                    |       |
|                                          |         |                                | github.com/samber/lo,                                                                                                    |       |
|                                          |         |                                | github.com/spdx/tools-golang,                                                                                            |       |
|                                          |         |                                | github.com/spf13/cobra,                                                                                                  |       |
|                                          |         |                                | go.uber.org/zap, gopkg.in/yaml.v2,                                                                                       |       |
|                                          |         |                                | sigs.k8s.io/release-utils                                                                                                |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   |                                                                                                                          |   0.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/interlynk-io/sbomqs                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/interlynk-io/sbomqs@v1.0.1-0.20240806165718-6099e923b043?type=module&goos=linux&goarch=amd64       |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| golang.org/x/text                        | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | golang.org/x/text                                                                                                        |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v0.16.0                                                                                                                  |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | golang.org/x/mod,                                                                                                        |   5.0 |
|                                          |         | components                     | golang.org/x/sync,                                                                                                       |       |
|                                          |         |                                | golang.org/x/tools                                                                                                       |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 6bde04c6711736d13060b1894885319d6a31a11cff65c0ac57add13aea482e1e                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/golang.org/x/text@v0.16.0?type=module&goos=linux&goarch=amd64                                                 |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/spf13/cobra                   | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/spf13/cobra                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v1.8.1                                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | github.com/inconshreveable/mousetrap,                                                                                    |   5.0 |
|                                          |         | components                     | github.com/spf13/pflag                                                                                                   |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 7b9fefc4a77fad9b1f4893145f56a0b637930dffaabf5fc974117c820e64f593                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/spf13/cobra                                                                                           |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/spf13/cobra@v1.8.1?type=module&goos=linux&goarch=amd64                                             |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/samber/lo                     | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/samber/lo                                                                                                     |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v1.46.0                                                                                                                  |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | golang.org/x/text                                                                                                        |   5.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | c3c1bea1a08f833d4fa02273b6aca608568ac17b7ee5c0979f9d6e3f113115f4                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/samber/lo                                                                                             |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/samber/lo@v1.46.0?type=module&goos=linux&goarch=amd64                                              |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/ProtonMail/go-crypto          | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/ProtonMail/go-crypto                                                                                          |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v1.0.0                                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | github.com/cloudflare/circl,                                                                                             |   5.0 |
|                                          |         | components                     | golang.org/x/crypto                                                                                                      |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 2d1baf2138d0597f9621fafddf46071b61cd7e3475b8e7f27f9bc4d240b653bf                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/ProtonMail/go-crypto                                                                                  |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/ProtonMail/go-crypto@v1.0.0?type=module&goos=linux&goarch=amd64                                    |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/google/go-github/v52          | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/google/go-github/v52                                                                                          |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v52.0.0                                                                                                                  |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | github.com/ProtonMail/go-crypto,                                                                                         |   5.0 |
|                                          |         | components                     | github.com/cloudflare/circl,                                                                                             |       |
|                                          |         |                                | github.com/google/go-querystring,                                                                                        |       |
|                                          |         |                                | golang.org/x/crypto,                                                                                                     |       |
|                                          |         |                                | golang.org/x/oauth2,                                                                                                     |       |
|                                          |         |                                | golang.org/x/sys                                                                                                         |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | bb2196398fa3310f06546497f1d912c02ce57a153759f77143b1b078efc93fb3                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/google/go-github                                                                                      |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/google/go-github/v52@v52.0.0?type=module&goos=linux&goarch=amd64                                   |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/olekukonko/tablewriter        | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/olekukonko/tablewriter                                                                                        |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v0.0.5                                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | github.com/mattn/go-runewidth                                                                                            |   5.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 3f619af370f7e308b5a3d27a5a1d6646ea9de2617fc7f960052ecdec06c385e7                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/olekukonko/tablewriter                                                                                |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/olekukonko/tablewriter@v0.0.5?type=module&goos=linux&goarch=amd64                                  |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/DependencyTrack/client-go     | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/DependencyTrack/client-go                                                                                     |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v0.13.0                                                                                                                  |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | github.com/google/uuid                                                                                                   |   5.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | c364efb9dac16e006d4b6a0c6e2b1fa3d02fe2b2674b583d56c742a59e8f53ff                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/DependencyTrack/client-go                                                                             |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/DependencyTrack/client-go@v0.13.0?type=module&goos=linux&goarch=amd64                              |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| go.uber.org/zap                          | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | go.uber.org/zap                                                                                                          |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v1.27.0                                                                                                                  |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | go.uber.org/multierr                                                                                                     |   5.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 689321606adde504a69692ccaf631fb512a5eedf09f0f4d93c0ef7dae77f5d1f                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/go.uber.org/zap@v1.27.0?type=module&goos=linux&goarch=amd64                                                   |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| golang.org/x/mod                         | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | golang.org/x/mod                                                                                                         |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v0.18.0                                                                                                                  |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | golang.org/x/tools                                                                                                       |   5.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | e7ef6549b1333d2756907df6bd83c1c04a57f0ac036cce7651df71054bcd95bd                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/golang.org/x/mod@v0.18.0?type=module&goos=linux&goarch=amd64                                                  |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| golang.org/x/sys                         | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | golang.org/x/sys                                                                                                         |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v0.21.0                                                                                                                  |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | no-relationships                                                                                                         |   0.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | ac5fa9633dc300649003102ed426c2edc6ad660e1e6c2e1421e2212b1059bf0b                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/golang.org/x/sys@v0.21.0?type=module&goos=linux&goarch=amd64                                                  |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
| github.com/github/go-spdx/v2             | 5.2.2   | component creator              |                                                                                                                          |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component name                 | github.com/github/go-spdx/v2                                                                                             |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | component version              | v2.3.1                                                                                                                   |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | License                        | not-compliant                                                                                                            |   0.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Dependencies on other          | no-relationships                                                                                                         |   0.0 |
|                                          |         | components                     |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.2.2   | Hash value of the executable   | 7df1ae1d36c7b87cd63ede779fc7fda3c7251aeb6e2cf39ba37cc1e09023c54f                                                         |  10.0 |
|                                          |         | component                      |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Source code URI                | https://github.com/github/go-spdx                                                                                        |  10.0 |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | URI of the executable form of  |                                                                                                                          |   0.0 |
|                                          |         | the component                  |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Hash value of the source code  |                                                                                                                          |   0.0 |
|                                          |         | of the component               |                                                                                                                          |       |
+                                          +---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+
|                                          | 5.3.2*  | Other unique identifiers       | pkg:golang/github.com/github/go-spdx/v2@v2.3.1?type=module&goos=linux&goarch=amd64                                       |  10.0 |
+------------------------------------------+---------+--------------------------------+--------------------------------------------------------------------------------------------------------------------------+-------+

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@riteshnoronha @viveksahu26 @LungTim